
Project 6-1: Compare Forensic Analysis Tools


Question

Project 6-1: Compare Forensic Analysis Tools

In this project you will compare the features of some forensic analysis tools to be used in a small company's IT department. Find one or more web sites that discuss and review forensic tools that would be suitable for use in a smaller organization. The tools to be considered should possess the ability to:

1. Copy the contents of a computer's hard drive.
2. Find and recover files that have been deleted on a computer's hard drive.
3. Determine a history of web sites that have been recently visited.
4. Search the computer's hard drive for files containing key words.
5. Compare the contents of files on a computer's hard drive.
6. Copy the contents of other storage devices such as USB drives.
7. Log the activities performed with the tool.

The company may want to consider one or more of the following tools that are available:

AccessData FTK Imager
AccessData Forensic Toolkit
EnCase
ProDiscover
Safeback

Explanation / Answer

AccessData Forensic Toolkit

Forensic Toolkit, or FTK, is computer forensics software sold by AccessData. It is a widely recognised computer forensic tool worldwide. It scans a hard drive for various information. For example, it can be used to scan a disk for text strings that can be used as a password dictionary to crack encryption. This tool can also be used to locate deleted emails on your local drive. The Forensic Toolkit is the only court-cited digital forensic tool built for stability, speed and ease of use.

AccessData FTK Imager

FTK also contains a standalone disk imaging program called FTK Imager. It is a simple but concise tool. It saves the hard disk image in a single file or in segments that may later be reconstructed. It uses the MD5 hashing technique to confirm the data integrity of a file before closing the file. The result is one or more image files that can be saved in several formats, including DD raw.

EnCase

EnCase is a family of all-in-one computer forensics suites made by Guidance Software. It includes EnCase Forensic Edition, EnCase Enterprise, EnCase eDiscovery, and EnCase Lab Edition. All these programs use a proprietary image file format that has been reverse engineered. Further, in these tools users can create scripts to automate various tasks; these scripts are called EnScripts.

EnCase has the ability to rapidly gather data from various devices and unearth potential evidence. It can then print a report based on the evidence. This tool does not come for free and has a licence cost attached to it.

ProDiscover

ProDiscover Forensic is another popular but powerful computer forensic tool being used worldwide. It aids computer professionals in tracing all of the data stored on a computer disk while at the same time protecting evidence. It can be used to create quality evidentiary reports that can be used in legal activities.

Some of the other capabilities of this tool are that it can recover deleted files, access Windows Alternate Data Streams and examine slack space. It is not possible to hide data from the ProDiscover Forensic tool because it reads the disk at the sector level.

Safeback

SafeBack, similar to EnCase, is a commercial computer forensics program. This tool is mainly used by law enforcement agencies in various legal proceedings throughout the world. SafeBack creates an image of the hard disks of Intel-based computer systems and later restores these images on other hard disks. It is a DOS-based program, which can be run from a floppy disk, and is used exclusively for imaging. Unlike EnCase, it does not include analysis capabilities.
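The segmented-image-plus-hash workflow that the answer attributes to FTK Imager, as an added example (not code from the page, from AccessData, or from any of the tools compared above): it reassembles a raw image split into numbered segments, streams the bytes through a hash to check them against the value recorded at acquisition, and appends a JSON-lines entry to an activity log, which covers requirements 1 and 7 of the project. The segment naming (`disk.001`, `disk.002`, ...), the log format and the sample bytes are assumptions constructed for the example.

```python
import hashlib
import json
import tempfile
import time
from pathlib import Path

def segment_paths(base: Path) -> list[Path]:
    """Collect base.001, base.002, ... in order, stopping at the first missing segment."""
    segments, n = [], 1
    while Path(f"{base}.{n:03d}").exists():
        segments.append(Path(f"{base}.{n:03d}"))
        n += 1
    return segments

def hash_segments(segments, algorithms=("md5", "sha256"), chunk=1 << 20):
    """Stream all segments, in order, through each hash as if they were one raw image."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    total = 0
    for seg in segments:
        with open(seg, "rb") as fh:
            for block in iter(lambda: fh.read(chunk), b""):
                total += len(block)
                for h in hashers.values():
                    h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}, total

def verify_image(base: Path, expected_md5: str, log_path: Path) -> dict:
    """Compare the recomputed MD5 with the recorded one and append an activity-log entry."""
    segments = segment_paths(base)
    digests, size = hash_segments(segments)
    entry = {"time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()), "image": str(base),
             "segments": len(segments), "bytes": size, **digests,
             "verified": digests["md5"] == expected_md5.lower()}
    with open(log_path, "a", encoding="utf-8") as log:   # activity log (requirement 7)
        log.write(json.dumps(entry) + "\n")
    return entry

def demo() -> tuple[bool, bool]:
    """Constructed sample: a 3-segment image of made-up bytes, verified intact and after tampering."""
    data = bytes(range(256)) * 40                      # 10240 bytes of constructed 'disk' content
    expected = hashlib.md5(data).hexdigest()           # hash recorded at acquisition time
    with tempfile.TemporaryDirectory() as tmp:
        base, log = Path(tmp, "disk"), Path(tmp, "activity.log")
        for i in range(3):                             # split into 4096-byte segments
            Path(f"{base}.{i + 1:03d}").write_bytes(data[i * 4096:(i + 1) * 4096])
        intact = verify_image(base, expected, log)["verified"]
        with open(f"{base}.002", "r+b") as fh:         # overwrite one byte (0x0a) in the middle segment
            fh.seek(10); fh.write(b"\xff")
        tampered = verify_image(base, expected, log)["verified"]
    return intact, tampered
```

Any byte changed in any segment, including one in the middle of the set, flips the logged `verified` flag to false, which is what a segment-level integrity check must catch before the image is relied on as evidence.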